Implementing NIST Information Security Standards and Controls
US Government organizations operate highly complex information systems that are targets of extreme value to malicious actors. Keeping these information systems secure is a critical task for agency information technology professionals. Various mandates, like FISMA, have been implemented to achieve a level of cybersecurity consistency across government systems, and to speed the adoption of best practices government-wide.
To assist agencies in successfully navigating the complex task of securing their environments and achieving compliance with these mandates, NIST has created a system of publications to guide organizations through implementation of these best practices. Organizations first determine the agency security category through FIPS 199. Then, employing appropriate baseline security controls from NIST SP800-53 in a customized way gives agencies the flexibility to align the implementation of these controls with their organizational missions, business requirements and information systems. By following the guidance in these two publications, organizations will be on the path to achieving the mandatory FISMA standards as described in FIPS 200, “Minimum Security Requirements for Federal Information and Information Systems”.
NIST notes that the security controls in NIST SP800-53 are technology and policy neutral. This means that the security controls and control enhancements focus on the fundamental safeguards and countermeasures necessary to protect information during processing, while in storage and during transmission. This approach provides agencies with the ability to select the solutions that best align to their organizational goals and needs.
BeyondTrust Alignment to NIST Controls
For the purpose of this brief, we will explore a high-level overview of nine (9) NIST security control families and how BeyondTrust capabilities support the adoption of the controls directly related to privileged access and vulnerability management. NIST SP800-53 guidance is designed to be implemented as a strategic, modular set of controls and best practices. The information that follows is organized by control family so that you can easily reference the area of most interest to your organization today, and reference back as you continue to implement other control families.
The first control within each control family addresses the establishment of policy associated with the focus area of the control. This policy in turn drives the detailed execution of the other controls in the family. BeyondTrust Privileged Access Management and Vulnerability Management solutions provide several ways to support the controlled implementation of policies, along with best practices and recommendations to control the policies as they are being updated across these control families.
Various BeyondTrust solutions address multiple controls associated with privileged access management and vulnerability management across these control families, helping agencies realize the benefits of a multi-tiered security strategy to create information systems that are more resilient in the face of internal and external threats.
For a complete guide to how BeyondTrust solutions map to the NIST 800-53 framework, download 'Addressing NIST SP800-53 Requirements with BeyondTrust Solutions'.